i18国际化文案翻译

Security checks across malware telemetry and agentic risk

Overview

This skill helps translate frontend app text and update locale files; that file-editing behavior is disclosed and aligned with its purpose.

Install this only if you want an agent to help modify frontend source and localization files. Review the diff before applying changes, and clarify when you only want translation advice rather than code edits.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The skill’s activation description is very broad, triggering on generic requests about internationalization, translation, or multilingual support. In an agent environment, this can cause the skill to activate in contexts beyond frontend code i18n work, leading to unintended file edits, incorrect workflow selection, or interference with other more appropriate skills.

Natural-Language Policy Violations

Medium

Confidence: 81% confidence
Finding: The skill prescribes fixed English translation casing conventions without first checking user requirements, target locales, or project standards. This can cause unauthorized or incorrect modifications to localization content, especially in projects that are not English-first or that follow different style guides, reducing translation quality and creating subtle integrity issues across locale files.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal